Security and trust issues in ubiquitous environments - The business-to-employee dimension

Walter, Thomas; Bussard, Laurent; Robinson, Philip; Roudier, Yves

SAINT 2004, Conference Workshop on "Ubiquitous network and services, January 26-30, 2004, Tokyo, Japan / Published in 2004 Symposium on Applications and the Internet Workshops (SAINT 2004 Workshops), IEEE Computer Society Press, 2004, ISBN 0-7695-2050-2

Ubiquitous applications and services combined with mobile business applications define a challenging context for security and trust. Besides the basic security requirements for controlled access, confidentiality, data integrity and accountability it is essential to know whether devices surrounding a user are trusted and to distribute application tasks between those devices. We propose a development framework that combines security policies, certificates and an enforcement protocol as a solution to provide security and trust in ubiquitous applications and services. Security policies define the constraints when, how and which mobile devices can be use in a mobile business application. Enforcement of policies makes use of certificates, defined for users and devices, which determine delegable application tasks and trustworthiness of devices. Our proposed framework is flexible - can be dynamically changed, is adaptable - can be dynamically extended, and is scalable - policies and certificates are evaluated on demand and in a distributed

Detail

Document

DOI

BIBTEX

Type:

Conference

City:

Tokyo

Date:

2004-01-26

Department:

Digital Security

Eurecom Ref:

1283

© 2004 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.